AuthenticatorChoiceGroup
Group information
Namespace: None
Schema document: saml-2.0-os/saml-schema-authn-context-types-2.0.xsd
Content
- Choice [1..1]
- PreviousSession: Indicates that the Principal has been strongly authenticated in a previous session during which the IdP has set a cookie in the UA. During the present session the Principal has only been authenticated by the UA returning the cookie to the IdP.
- ResumeSession: Rather like PreviousSession but using stronger security. A secret that was established in a previous session with the Authentication Authority has been cached by the local system and is now re-used (e.g. a Master Secret is used to derive new session keys in TLS, SSL, WTLS).
- DigSig: This element indicates that the Principal has been authenticated by a mechanism which involves the Principal computing a digital signature over at least challenge data provided by the IdP.
- Password: This element indicates that a password (or passphrase) has been used to authenticate the Principal to a remote system.
- RestrictedPassword
- ZeroKnowledge: This element indicates that the Principal has been authenticated by a zero knowledge technique as specified in ISO/IEC 9798-5.
- SharedSecretChallengeResponse
- SharedSecretDynamicPlaintext: The local system and Authentication Authority share a secret key. The local system uses this to encrypt a randomised string to pass to the Authentication Authority.
- IPAddress: This element indicates that the Principal has been authenticated through connection from a particular IP address.
- AsymmetricDecryption: The local system has a private key but it is used in decryption mode, rather than signature mode. For example, the Authentication Authority generates a secret and encrypts it using the local system's public key: the local system then proves it has decrypted the secret.
- AsymmetricKeyAgreement: The local system has a private key and uses it for shared secret key agreement with the Authentication Authority (e.g. via Diffie-Hellman).
- SubscriberLineNumber
- UserSuffix
- ComplexAuthenticator: Supports Authenticators with nested combinations of additional complexity.
Used in
- Type AuthenticatorBaseType (Element Authenticator)
- Type ComplexAuthenticatorType (Element ComplexAuthenticator)